Daily Tech Digest - November 08, 2016

Cloud-Based Network Analysis Drills Down To Users And Apps

"The applications have never been in the domain of the network guys," said G.T. Hill, Nyansa’s director of technical and product marketing. Voyance+ will give them eyes in that realm, helping them investigate and solve specific user complaints, he said. The software can identify 218 applications so far, Hill said. For some, like Skype for Business and Cisco Unified Communications Manager, it uses APIs (application programming interfaces) for specific kinds of measurements. For some applications, including SaaS offerings, it uses third-party software to get application signatures. Nyansa can also identify custom enterprise applications as long as it has information like server names, Internet Protocol addresses, and TCP port numbers.


Smartphone Security: Technologies Protecting Your Personal Data

It was very well understood from the beginning that fingerprints will have issues – the efficiency and reliability of fingerprints get affected by age and occupation. Fingerprints are known to not work for women or children with soft skin and older people who have brittle skin. Fingerprints for people in manual labour get wiped out or get damaged, hence do not match affecting the efficiency and reliability. Iris, being a protected internal organ, does not get affected by external conditions, does not change with age or occupation. Hence, it is more efficient and reliable. With respect to response time, the current devices that have been used have certain technological limitations that force subjects to stand at specific distance and sensitive to motion etc.


Cloud Infrastructure Spending Is Increasing, but Is Cloud Adoption Jumping as Well?

Despite this growth in spending on IT infrastructure for the cloud, it’s unclear if cloud adoption is growing in tandem. An online survey of 500 business and IT executives conducted earlier this fall by industry trade group CompTIA found a broad decline over the past two years in the reported use of cloud-based apps, the Wall Street Journal reports, noting a decline in the use of business productivity, email and analytics tools; and collaboration, customer relationship management, enterprise resource planning and expense management apps. CompTIA’s survey found that the number of companies running cloud productivity tools this year fell to 45 percent, down from 63 percent in 2014.


Mobile is becoming the baseline for all branded digital experiences

For brands hoping to capitalize on all this, Ask recommends that they get started now on building those experiences, which will depend on agility, continuous learning and automation to succeed. To that end, Ask predicts that we’ll see three particular trends in 2017. First, consumer app fatigue will push enterprises to build a portfolio of mobile experiences to serve customers, as well as reinvest in their owned mobile moments with renewed investment in the web to support that breadth. Second, as mobile becomes more mission-critical to their business, enterprises will take more ownership of designing mobile experiences rather than outsourcing mobile-related projects to third parties.
 writes


What’s Next For IoT Security?

One of the big problems with security is a lack of consistent and current standards. Standards that do exist, such as Transport Layer Security, do little to secure a device such as a surveillance camera or a connected entertainment system, which the U.S. Department of Homeland Security identified as the culprits in the Dyn DDoS attack. Homeland Security Secretary Jeh Johnson said in a statement last month that his department has been “working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.” Still, even if everything works as planned, connected devices are not suddenly going to be secure overnight. For one thing, there are plenty of legacy devices in the market. For another, even where technology does exist it isn’t always used.


French Plan For Biometric Database of 60 Million People Sparks Outcry

Minister of State Axelle Lemaire told French journalists the megadatabase used 10-year-old technology and had real security problems. For the Council, the creation of TES (from the French abbreviation for Secure Electronic Identity Documents) will result in abuses "as inevitable as they are unacceptable." TES is a dramatic expansion of an existing database used for the creation of biometric passports. The government plans to merge it with the (non-biometric) database of holders of the French national identity card This cycle of clandestine database development followed by public outcry is nothing new: France has been here before. Several times.


Russian users far better at passwords than U.S. users

When it comes to names or email address usernames used in passwords, several countries finally did worse than the US. China was the worst offender with close to 14 percent, followed by India and then Pakistan. In the US, a little more than six percent committed this password sin, compared to a little less than four percent in Russia. While India and Pakistan tend to have close percentages, India scored a bit better. Ahmad wrote, “This proves the fact that Indian people are indeed better at security than Pakistani people.” Being from Pakistan, Ahmad said, “People here use really, really weak passwords.” He followed that comment with analysis about using the weakest passwords.


Solving Business Problems with Data Science

Data science is a catch-all term for a set of interdisciplinary techniques which put data to work to extract useful insights, predictions, or knowledge - calling on elements of statistics, programming, data mining, and machine learning. It shows up in a large variety of areas, some that are literally rocket science while others are much more prosaic. Data science is behind consumer internet magic like Amazon’s book recommendations or LinkedIn’s People You May Know. It’s behind new things like self-driving cars, which use these techniques to learn how to drive safely. And it’s behind day to day practical applications like a supermarket loyalty scheme, such as Tesco’s Clubcard, figuring out which vouchers to send you. The theory behind most of these applications has been around for decades.


IT/OT Convergence and Industrial Cybersecurity Q&A

The IT/OT convergence is a phrase used to describe the trend that is blurring the line between what had traditionally been well-differentiated classes of IT-based systems. As noted in my previous IT/OT blog, this trend is well established, but the full implications are still developing in areas such as the management and protection of systems against cyber security threats. The diversity of technologies involved ensures that there is effective collaboration across multiple disciplines. Key issues covered in the recent webinar include: How the convergence is reflected in international standards for cybersecurity, such as ISA/IEC 62443 The typical and needed responses from the various stakeholders The importance of consequence estimation for the asset owner


How Do You Define Prevention?

It’s time to adopt a new definition for the word “prevention” when it comes to cybersecurity. New or next-generation prevention should stop focusing on trying to stay on top of a constantly changing pool of malicious tools and start focusing on the underlying techniques employed by threat actors, such that blocking a single technique could stop an entire class of attacks. The fact is that, while malware and other tools are growing in number daily, the ways cyberattackers use to deliver threats (spear phishing or stealing legitimate credentials, for example) haven’t changed nearly as significantly. In light of this, wouldn’t it be more efficient to focus on stopping the methods used to deliver threats, rather than the threats themselves?



Quote for the day:


"Encouraging Smart Risk Taking Doesn't Mean Tolerating Dumb Mistakes." --  @GordonTredgold